MIP 2 - Path Traversal (CVE-2025-12055)

CVE-2025-12055 is a local file disclosure vulnerability affecting HYDRA X, MIP 2, and FEDRA 2 by MPDV Mikrolab GmbH, allowing unauthenticated attackers to read arbitrary files from the Windows operating system via the vulnerable "Filename" parameter in the $SCHEMAS$ resource. This flaw could be exploited remotely to access sensitive information, potentially leading to further attacks such as credential theft or reconnaissance.

CrowdSec has been tracking this vulnerability and its exploits since 10th of December 2025.

CrowdSec network observations suggest that most exploitation of CVE-2025-12055 involves focused reconnaissance to identify viable targets. Attackers typically tailor their campaigns based on system exposure and configuration. It is unlikely that a given attack is accidental. CrowdSec data also reveals a clear uptick in attacks involving CVE-2025-12055 over the past week. Activity is above the usual baseline, suggesting growing attention from attackers. This may reflect rising awareness, recent exploit releases, or expanded targeting efforts.

Attackers exploit this vulnerability by sending requests to /hx/resources/public/$SCHEMAS$ with a crafted Filename parameter to perform path traversal and access sensitive files on the Windows OS.